PLANNING A SECURE BASELINE INSTALLATION


1 PLANNING A SECURE BASELINE INSTALLATION
CHAPTER 8

2 SELECTING COMPUTERS & OPERATING SYSTEM
Selecting an appropriate operating system is essential for your network. Start by preparing a list of hardware requirements for each role your computers have to fill, based on the hardware products supported by your OS. You should also have policies regarding how long the organization is expected to use the computers & how frequently the OS & applications will be upgraded.

3 Understanding computer roles
Computers have different capabilities & are used for a variety of tasks. It's crucial to understand what tasks the computers will perform & what components they need before you start selecting computers for your network.

4 Understanding the server's role
Servers typically have faster processors, more memory & more disk space than workstations. The application a server runs defines its role. The most common server roles are as follows:
- Backup server
- Database server
- Domain controller server
- File & print server
- Web server

5 Understanding desktop workstation’s role
Desktop workstations can have a wide range of functionality, from simple systems designed for one or two applications to high-powered computers performing complex graphics, video and computer-aided design functions. The basic function of a desktop on a network is to access server applications or files stored on servers so that the user can work with the data.

6 Creating hardware specifications
Creating hardware specifications before evaluating computers for your network enables you to decide which components a computer needs to fulfill a particular role. Administering a large fleet of computers is easiest when you define your computers' roles & standardize the hardware & software needed.

7 Server hardware specification
You must consider the requirements & the capabilities of the applications that the server will run when you create the hardware specification. Computers marketed as servers have:
- More robust power supplies
- Integrated components
- A sufficient amount of RAM & processor speed
- Support for multiple processors
- Requirements for fault tolerance

8 Desktop hardware specification
The objective in creating a desktop hardware specification is to design a system suitable for a wide variety of tasks.
- Ideal situation = a single computer design suitable for all users on your network
- You can order a large number of identical computers & get good deals
- Technicians would have to familiarize themselves with only one hardware configuration
For high security, users can use smart cards to authenticate themselves when they log on.

9 Selecting operating system
Selecting an OS for your network computers must be coordinated with developing your hardware specifications. Several other important factors:
- Application compatibility – the OS must be capable of running the applications you need.
- Support issues – the cost involved in retraining technical personnel if you change to a different OS.
- Security features – the OS must have the security features your organization requires.
- Cost – cost is always a factor when selecting an OS.

10 High-level security planning
A security framework is a logical, structured process by which your organization performs tasks like the following:
- Estimating security risks
- Specifying security requirements
- Selecting security features
- Implementing security policies
- Designing security deployments
- Specifying security management policies

11 Creating a security design team
You need to determine which people in your organization are going to be responsible for designing, implementing & maintaining the security policies. Organizations will assemble a team or committee responsible for security design. A well-balanced team consists of people who can answer:
- What are the organization's most valuable resources?
- What are the potential threats?
- What resources are most at risk?
- What security features are available?
- Etc.

12 Mapping out a security life cycle
Creating a security framework is not a one-time project, but an ongoing concern. A security life cycle consists of these basic phases:
- Designing a security infrastructure
- Implementing security features
- Ongoing security management

13 Designing security infrastructure
Security issues can have a major effect on many elements of your network design. The design phase begins with identifying the resources that need protection & evaluating the threats to those resources. Additional security products such as firewalls, smart card readers / biometric devices.

14 Designing security infrastructure
A typical security plan includes implementation of the following principles:
- Access control – granting specific levels of access based on the user's identity.
- Auditing – the administrator monitors system & network activities over an extended period.
- Authentication – verification of the user's identity before providing access to secured resources.
- Encryption – protection of data through cryptographic applications.
- Firewalls – systems designed to prevent unauthorized access to a private network from outside.

15 Implementing security features
An implementation plan consists of a procedure & timetable for the process of evaluating, purchasing, installing & configuring security hardware & software products. Some software products contain mechanisms that enable users to enforce your policies.

16 Ongoing security management
For technical staff, security management means regularly checking audit logs & other resources, as well as monitoring individual systems & network traffic for signs of intrusion. Administrators must also update the security software products as needed.

17 Evaluating security settings
- File system permissions: basic security tools that enable you to specify which users & groups are given access to a specific folder or drive & what degree of access they have.
- Share permissions: an access control mechanism that enables you to specify which users & groups are permitted to access a shared resource over the network & the level of access they should have.

18 Evaluating security settings
- Registry permissions: installing applications & configuring OS settings modifies registry elements. Registry permissions specify who has permission to access the registry & to what extent they can access & modify it. Use the registry editor.

19 Evaluating security settings
Account policy settings:
- Enforce password history
- Maximum & minimum password age
- Maximum & minimum password length
- Password must meet complexity requirements
- Account lockout threshold

20 Evaluating security settings
Audit policies: specifying the activities that the system should record in a log.
- Audit account logon events
- Audit account management
- Audit directory service access
- Audit logon events
- Audit policy change
- Audit system events
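
The account policy and audit policy settings on slides 19 and 20 can be checked mechanically against a written baseline. The following is an added example, not part of the original presentation: it parses a security-template export (the INF layout written by `secedit /export`) and reports every setting that deviates. The baseline thresholds and the sample export are constructed for illustration and are assumptions, not values from the slides.

```python
import configparser

# Constructed sample in the INF layout that `secedit /export /cfg <file>` writes
# (real exports are UTF-16; open them with encoding="utf-16"). Values are made up.
SAMPLE_INF = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditPolicyChange = 3
AuditAccountManage = 0
AuditDSAccess = 0
AuditAccountLogon = 3
"""

# Hypothetical baseline (assumed thresholds, not taken from the slides).
BASELINE = {
    ("System Access", "PasswordHistorySize"): ("at least 24", lambda v: v >= 24),
    ("System Access", "MaximumPasswordAge"): ("1 to 90 days", lambda v: 1 <= v <= 90),
    ("System Access", "MinimumPasswordAge"): ("at least 1 day", lambda v: v >= 1),
    ("System Access", "MinimumPasswordLength"): ("at least 12", lambda v: v >= 12),
    ("System Access", "PasswordComplexity"): ("enabled (1)", lambda v: v == 1),
    # 0 means accounts never lock out, so it must fail the check.
    ("System Access", "LockoutBadCount"): ("1 to 10 attempts", lambda v: 1 <= v <= 10),
}
# Audit values are a bitmask: 1 = success, 2 = failure, 3 = both.
for _key in ("AuditAccountLogon", "AuditAccountManage", "AuditDSAccess",
             "AuditLogonEvents", "AuditPolicyChange", "AuditSystemEvents"):
    BASELINE[("Event Audit", _key)] = ("success and failure (3)", lambda v: (v & 3) == 3)

def check_baseline(inf_text):
    """Return (section, key, actual, expected) for every setting off baseline."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the INF's key case
    cp.read_string(inf_text)
    findings = []
    for (section, key), (expected, ok) in BASELINE.items():
        raw = cp.get(section, key, fallback=None)
        # A key missing from the export is reported too: the setting is undefined.
        if raw is None or not ok(int(raw)):
            findings.append((section, key, raw, expected))
    return findings

if __name__ == "__main__":
    for section, key, actual, expected in check_baseline(SAMPLE_INF):
        print(f"[{section}] {key} = {actual}; baseline: {expected}")
```
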

